Opendata, web and dolomites

Report

Teaser, summary, work performed and final results

Periodic Reporting for period 2 - QuardCard (Powered smart card with a biometric one time password system)

Teaser

Financial fraud is a global problem, with credit card losses reaching +$45 Billion in 2017 and + 50 Billion in 2018. More than 60% of the fraud, with an increasing percentage relates to online activities, with no physical proof of the credit/debit card present. E-banking...

Summary

Financial fraud is a global problem, with credit card losses reaching +$45 Billion in 2017 and + 50 Billion in 2018. More than 60% of the fraud, with an increasing percentage relates to online activities, with no physical proof of the credit/debit card present. E-banking fraud is also significant, with latest UK figures for 2016 in the range of €125M but with a worldwide tendency of rapid increase. Online banking fraud rises with double digit % figures with increasing financial activity on the internet. Online transaction safety is a major issue for individuals, card issuers, merchants and banks, all risking significant losses. The physical payment issues have increased with the popularity of contactless payment where electronic pickpocketing and skimming of cards have in some areas increased contactless fraud by up to 700% in 2018. Pressure is therefore on the financial payments industry to find solutions to ensure the security of sensitive payment information.

The massive increase in Cyber-crime activities can partly happen because the internet can be used under false identities and cause anything from fraud, infiltrating societies and organizations or skim personal data of millions of citizens and organizations. Up to $600 Billion, equal 0.8% of the world GDP was in 2016 lost due Cyber-crime activities. This figure is expected to rise to $ 2,100 billion by 2020.

The digitalized world makes life convenient for Citizens but equally easy to live incognito in the cyber world performing criminal activities hard or impossible to track down. Citizens biometric databases can be hacked and lead to whole nations loss of citizens unique identity, like in India with the Aadhaar data breach and must be stopped.

Block chain solutions and Crypto Currency trading platforms also poses a significant risk of money laundering due to anonymous users. Unique user identification is needed to provide a secure blockchain solution in order to exclude criminal activities with no ability to detect the culprits’ true identity.

This project becomes increasingly important for the society to ensure Cyber security. We must secure unique citizens ID and full privacy protection. The card being an offline tool is today the only viable solution for secure unique biometric user ID as IOT devices can be hacked. The increasing number of terror attacks both physically and virtually calls for solutions to protect the society, citizens and the critical infrastructure. The biometric card with backend authentication system provides such a tool for protection in all card with much lower risk for hacking and removes the risk of losing critical biometric data from databases.

The overall objective is to provide unique user identification and have your privacy protected.

Work performed

Year 2 of the development has stabilized and improved the technology further and has brought along the first production batches for testing and pre-qualification for certification of the card products. Market intelligence has been increased with a now fully functional biometric card product. Concentration is on improving user experience and refine the production process before moving into card production for end user test in end Q2 2019.

Several task have been completed during year 2 and some minor changes in the project made to improve functionality. Market research revealed a broader application layer for biometric card solution in all card verticals like ID, financial, medical, access but also very importantly work as a “Cold wallet “ solution. The research has ended up with confirmation of the need for 3 different types of card configuration:

- An energy harvesting solution, typically financial, ID and access cards
- A hybrid card for financial, ID, access and logon solutions
- A card rechargeable card for long term high frequency use in specially in access, cold wallet and other high frequency use cases

Based on the market intelligence and updated card specifications the second period the following results were achieved.

1. The change to biometric fingerprint touch sensor completed.
2. The sensor embedding process using ACF technology completed successfully.
3. Manufacturing of cards for testing completed with passing preliminary MasterCard CQM test and wrapping test
4. Successful communication established between card, authentication server and HSM
5. Updated the card with ability to transmit code via NFC.
6. Tested all needed features for backend server administration including full integration and synchronization with HSM
7. Tested card with +200 different individuals with no false acceptances and less than 3 % false rejections of fingerprint.
8. Finalized card specifications on cards mainly wanted in the market.
9. Implemented large and mid-size E-ink dot Matrix display on card.
10. Completed and tested connectivity to host device via NFC and /or BLE to be fully functional.
11. Schematics for mature card design initiated for production late Q2 2019
12. Offline storage solution of fingerprint templates encrypted in HSM is completed.

Final results

Stricter GDPR regulations have now been in force almost a year and it is clear that our solution provides a secure and GDPR compatible system solution in the most efficient and secure way ever seen. OTP, dynamic CVV, dynamic PIN and sending code via NFC is tested and ready giving a strong platform to handle tokenization and PSD2 as well. Risk of identity theft can be dramatically reduced by the solution, as the authentication is moved offline with only online tokens visible. The offline template storage enables sending a biometric encoded credit cards by mail ensuring only the cardholder´s fingerprint can activate the card.

PSD2 requirement implemented in the EU in 2018 added as compliance factor with payee number and amount being included in e-commerce data. A mathematical algorithm has been developed and ready for testing before full implementation in HSM to create the final transaction string.

Biometric verification (template match) in Secure Element ensuring biometric verification directly on card is the solution of the future, but for full security it needs the tokenization provided with this project.

QuardCard security is significantly above other card solutions of today. When implemented in all financial transactions most losses caused by cybercrimes can be eliminated as only persons having the correct fingerprint are authenticated.

Distributed storage of fingerprints in offline cards, is a huge step forward securing identity protection of citizens, and system wise a huge improvement as any transactions are uniquely identified without exposing critical personal data but sending biometric ID through exchange of one-time-codes.

This also enables block chain and Crypto Currency exchange platforms legitimacy, as it will be possible to give each created block a tokenized biometric stamp. In case of suspected criminal activities, authorities can via a block chain data dump identify persons having performed any criminals activities and eliminating Cryptocurrencies used as ransom payments for deleting malware.

The solution can provide huge savings on Cyber-attack losses by only allowing biometrically identified access to databases and keep critical data stored only in the card out of hacker reach and only accessible with the users biometric authentication.

Website & more info

More info: http://www.quardlock.com.